package middlewares

import (
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/gorilla/csrf"
	adapter "github.com/gwatts/gin-adapter"
)

var csrfMiddleware func(http.Handler) http.Handler

func CsrfMiddleware() gin.HandlerFunc {
	csrfMiddleware = csrf.Protect(
		[]byte("32-byte-long-auth-key"),
		csrf.Secure(false),
		csrf.HttpOnly(true),
		csrf.ErrorHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusForbidden)
			w.Write([]byte(`{"code": "400", "data": "", "message": "Forbidden - CSRF tokan invalid"}`))
		})),
	)
	return adapter.Wrap(csrfMiddleware)
}
